Introduction

1.1 For Australian Government entities, a conflict of interest can occur when there is a conflict between the public duties and personal interests of a public official. For example, an official may hold shares in a company that they are regulating or from which they are procuring services. Another example of a conflict of interest is an official on a recruitment panel assessing an application from a family member. Conflicts of interest can be real, apparent and potential. Real conflicts of interest occur when personal interests improperly influence officials in performing their public duties.

Conflict of interest risks for Australian Government entities

1.2 The Commonwealth Fraud Risk Profile notes that conflicts of interest are a common enabler of internal fraud. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar in integrity architectures.¹⁰

1.3 The NACC’s Corruption prevention priorities for 2024 identified conflicts of interest as one of three areas of focus:

Conflicts of interest happen when public officials have personal connections or interests that could be affected by the decisions they make in their jobs. Not every conflict leads to corrupt conduct, but there is a conflict of interest at the heart of most corruption.

Conflicts of interest are inevitable. Public officials must be able to identify them and manage them properly to prevent them becoming integrity issues.¹¹

1.4 The NACC and the Australian Public Service Commission (APSC) have highlighted four functions commonly undertaken by Australian Government entities that have heightened risk of conflicts of interest (see Table 1.1).

Table 1.1: Entity activities with heightened risk of conflicts of interest

Source: NACC, Towards Integrity Maturity: Mapping the Commonwealth integrity landscape, undated, available from https://www.nacc.gov.au/sites/default/files/documents/2023-08/CIMF-towards-integrity-maturity-mapping-the-commonwealth-integrity-landscape_0.pdf [accessed 23 May 2024]; and APSC, APS Values and Code of Conduct in practice, September 2021, available from https://www.apsc.gov.au/publication/aps-values-and-code-conduct-practice/section-5-conflict-interest [accessed 23 May 2024].

1.5 To assist entities in managing integrity risks, the NACC has developed a Commonwealth Integrity Maturity Framework. The framework outlines eight integrity principles derived from Australian Government integrity laws, policies and procedures, all of which relate to managing conflicts of interest (see Table 1.2).

Table 1.2: Obligations and controls from Commonwealth Integrity Maturity Framework related to conflicts of interest

Source: ANAO analysis, based on NACC, 8 Integrity Principles and Maturity Indicators, no date, available from https://www.nacc.gov.au/8-integrity-principles-and-maturity-indicators [accessed 23 May 2024].

Legislative and policy frameworks for managing conflicts of interest

Public Governance, Performance and Accountability Act

1.6 The Commonwealth Resource Management Framework governs how Australian Government entities use and manage public resources. The cornerstone of the framework is the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The PGPA Act sets out general duties of accountable authorities and officials of Australian Government entities.¹²

1.7 Relevant to conflicts of interest, an official of a non-corporate Commonwealth entity or corporate Commonwealth entity¹³ has duties that include:

• not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth, or others¹⁴; and
• disclosing the details of any material personal interests that relate to the affairs of the entity.¹⁵

1.8 The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on this requirement.¹⁶ Material personal interests must be disclosed as soon as practicable after becoming aware of them or when there are changes in the interests. Further:

• an accountable authority must disclose such interests in writing to their minister;
• members of an accountable authority must disclose such interests orally or in writing to other members at a meeting of the accountable authority and have the disclosure recorded in the minutes; and
• other officials must disclose such interests in accordance with any instructions given by the accountable authority of the entity.

1.9 Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.¹⁷ In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud relating to the entity.¹⁸ To assist in meeting these requirements, the accountable authority is authorised to issue accountable authority instructions, which can impose obligations additional to the minimum standards established under the PGPA Act and PGPA Rule.

1.10 The Department of Finance’s Resource Management Guide 203: General Duties of Officials (RMG 203) provides guidance on general duties of officials, including the duty to disclose material personal interests in accordance with the PGPA Act. RMG 203 states:

The overriding principle for a declaration of a material personal interest should be: if in doubt, declare the interest in accordance with the appropriate process. Taking this step should protect both the official and the Commonwealth entity.

A material personal interest is one that can give rise to a real or apparent conflict of interest that could affect the ability of an official to discharge their duties.¹⁹

Public Service Act

1.11 The Australian Public Service (APS) is established by the Public Service Act 1999 (PS Act) and consists of agency heads and APS employees engaged under the PS Act.²⁰ The PS Act includes the APS Values and Code of Conduct, which outline principles and requirements for APS employees in relation to managing conflicts of interest, including that an APS employee must:

(a) take reasonable steps to avoid any conflict of interest (real or apparent) in connection with the employee’s APS employment; and

(b) disclose details of any material personal interest of the employee in connection with the employee’s APS employment.²¹

1.12 The APSC’s APS Values and Code of Conduct in practice guide outlines expectations for APS employees for managing conflicts of interest in accordance with the PGPA Act and APS Code of Conduct. The guide states that:

Agency heads and Senior Executive Service (SES) employees are subject to a specific regime that requires them to submit, at least annually, a written declaration of their own and their immediate family’s financial and other material personal interests.²²

1.13 The guide notes that agency heads are responsible for ensuring conflicts of interest are effectively managed and should establish systems for registering interests, assessing the materiality of interests, and mitigating any conflicts that may arise.

Australian Financial Security Authority’s management of conflicts of interest

1.14 The Australian Financial Security Authority (AFSA) is a non-corporate Commonwealth entity and engages staff under the PS Act. Its officials are subject to the PGPA Act and PS Act requirements for disclosing material personal interests.

1.15 AFSA’s average staffing level was 462 in the 2024–25 Budget. AFSA’s combined departmental and administered resources is $415,583,000 in the Portfolio Budget Statements for 2024–25.

1.16 AFSA is a regulatory entity. Its activities involve managing the application of bankruptcy laws and the personal property securities register within Australia. This is performed through AFSA’s fulfilment of the following statutory roles under the Bankruptcy Act 1966 and the Personal Property Securities Act 2009:

• Inspector-General in Bankruptcy;
• Official Receiver;
• Official Trustee in Bankruptcy (Official Trustee); and
• Registrar of Personal Property Securities.

1.17 AFSA’s 2023–24 Corporate Plan states:

Regulators face inherent conflict in their objectives and in their client and stakeholder needs, yet maintaining a balanced system is one of the most important aspects of good regulations, confidence and integrity.

Rationale for undertaking the audit

1.18 According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.²³ Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosure and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework. Section 29 of the PGPA Act provides a duty to disclose material personal interests. The APS Code of Conduct states that an APS employee must disclose, and take reasonable steps to avoid, any conflict of interest (real or apparent) in connection with APS employment. As a regulator, AFSA faces inherent risks relating to conflict of interest.

1.19 The audit was conducted to provide assurance to the Parliament over the effectiveness of AFSA’s management of conflicts of interest.

Audit approach

Audit objective, criteria and scope

1.20 The objective of the audit was to assess the effectiveness of AFSA’s management of conflicts of interest.

1.21 To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria.

• has AFSA developed appropriate arrangements to manage conflicts of interest?
• did AFSA effectively manage conflicts of interest consistent with its own policies?

1.22 The audit examined the management of conflicts of interest by AFSA over the period 1 January 2022 to 31 December 2023.

Audit methodology

1.23 To address the audit objective, the audit team:

• met with officials responsible for managing conflicts of interest at AFSA;
• reviewed legislative, policy and internal arrangements related to conflicts of interest;
• examined relevant risk registers, particularly for fraud and corruption risks;
• examined training and internal messaging to officials on conflicts of interest;
• reviewed records to support declarations of conflicts of interest and mitigation strategies; and
• examined the monitoring and reporting arrangements for conflicts of interest, including follow-up of breaches of conflict of interest policies.

1.24 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $363,000.

1.25 The team members for this audit were Mark Tsui, Rajeev Verma, Warwick Jay and Daniel Whyte.

2.1 Conflicts of interest can be a source of internal fraud and corruption risks for Australian Government entities, particularly in relation to procurement, recruitment, regulation, grants management and service delivery.

2.2 Entities need to establish arrangements for declaring interests, and managing and overseeing conflicts of interest, that are informed by assessments of entity-specific risks. To promote compliance with these arrangements, entities should provide training and education on relevant obligations and processes, and establish mechanisms to obtain assurance over the effectiveness of controls.

Has AFSA assessed its conflict of interest risks?

2.3 AFSA’s risk management framework and policy are combined into a single document titled Managing Risk at AFSA. AFSA uses a ‘critical control approach’ to manage risk, which involves identifying and assessing the effectiveness of key controls that mitigate AFSA’s key strategic and enterprise risks (outlined in Table 2.1).²⁴ Under this approach, AFSA did not assess the likelihood or consequences of its strategic and enterprise risks. Instead, it focussed on verifying and assessing the operating effectiveness of relevant controls that mitigate its risks.

Table 2.1: AFSA’s strategic and enterprise risks

Source: AFSA, Managing Risk at AFSA, 2023.

2.4 On a quarterly basis, AFSA prepared a risk reporting dashboard which was presented to risk owners and AFSA’s Audit and Risk Committee. The dashboard was supported by risk summary sheets and ‘bowties’²⁵ for each risk. The risk summary sheet included a risk statement, risk event context and further commentary from risk owners and AFSA’s Risk team. The ‘bowties’ outlined the critical controls implemented by AFSA to mitigate each of its strategic and enterprise risks. For each critical control²⁶, a quarterly critical control profile was prepared which detailed related controls implemented by AFSA. It also detailed the activities performed to verify their operation and an assessment of their effectiveness.

Conflict of interest risk

2.5 AFSA has not explicitly identified ‘conflicts of interest’ as a key strategic or enterprise risk.

2.6 There were no direct references to conflict of interest risks or controls in the risk summary sheets for each of AFSA’s strategic and enterprise risks. Three risk summary sheets referred to risks associated with staff integrity and AFSA’s role as a regulator, but did not make a direct connection to conflict of interest risks (see Appendix 3).

2.7 AFSA had one critical control profile, SR-01-04 ‘Procurement and Contract Management’ (see Appendix 4), that made a direct reference to conflict of interest, as one of a series of controls for contractor onboarding.

2.8 There were no supplementary risk assessments or risk registers that had been developed at a Group or Division level.

2.9 The National Anti-Corruption Commission’s (NACC’s) Commonwealth Integrity Maturity Framework (discussed at paragraph 1.5) outlines the need to embed integrity risk management (including conflict of interest risks) in key business processes and develop and implement policies, resources and systems to manage identified integrity risks.

Regulatory capture risk

2.12 Regulators need to maintain independence to effectively perform their function. The 2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Hayne Royal Commission) stated that ‘the risk of regulatory capture is well acknowledged’²⁷. The Parliamentary Joint Committee on Corporations and Financial Services, in its 2019 report on Statutory Oversight of the Australian Securities and Investments Commission, the Takeovers Panel and the Corporations Legislation, stated that:

The committee considers that regulatory capture is a significant issue faced by Australian regulators generally, given the size and power of corporations that operate in Australia.²⁸

The committee defined regulatory capture as:

[I]nstances where regulators are excessively influenced or effectively controlled by the industry they are supposed to be regulating. There are three areas in which particular risks arise for regulatory capture:

• staff moving between industry and regulatory jobs;
• secondments; and
• where regulatory staff are embedded in private sector organisations (that is, required to conduct their work within the workplace of industry participants, away from their home base at the regulator).²⁹

2.13 AFSA has not specifically identified regulatory capture as a risk in its risk management framework. While strategic risks in relation to ‘External User Decision Making’ and ‘Regulatory Failure’ have been identified by AFSA, the related risk statements and risk event contexts for these risks do not refer to the potential for conflicts of interest or regulatory capture to impact on AFSA’s regulatory activities.

2.14 The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) sets out requirements with which entities must comply in relation to their corporate plans. This includes that corporate plans include ‘a summary of the risk oversight and management systems of the entity, and the key risks that the entity will manage and how those risks will be managed’.

2.15 The ‘Regulating firmly and fairly’ section of AFSA’s 2023–24 Corporate Plan states:

Regulators face inherent conflict in their objectives and in their client and stakeholder needs, yet maintaining a balanced system is one of the most important aspects of good regulation, confidence and integrity.

…

As a regulator we will … maintain independence

2.16 The ‘Risk oversight and management’ section of AFSA’s 2023–24 Corporate Plan provides a description of AFSA’s strategic risks, including the risk of ‘Regulatory Failure’. While this risk broadly relates to ineffective regulation, there is no explicit reference to regulatory capture or lack of independence when describing why ‘Regulatory Failure’ is a risk or how AFSA manages this risk.

Has AFSA developed appropriate arrangements for declaring, managing and overseeing conflicts of interest?

AFSA’s conflict of interest policy, guidance and supporting templates

2.18 Section 1.5 of AFSA’s Accountable Authority Instructions (AAIs) states:

The overriding principle for a declaration of a material personal interest is, ‘if in doubt, declare the interest’.

2.19 In November 2020, AFSA issued a Conflict of Interest Policy (COI policy) which:

• defines the terms ‘conflict of interest’ and ‘material personal interest’;
• describes AFSA’s conflict of interest declaration requirements for key functions and activities where conflicts of interest may arise — such as Senior Executive Service (SES) declarations of material personal interests, outside employment, procurement, recruitment and enforcement;
• provides guidance on strategies for managing conflicts (declare/disclose, restrict, recruit, remove, relinquish and resign); and
• includes guidance supporting the ongoing monitoring of identified conflicts.

2.20 The COI policy states:

Declarations are only useful where they are monitored and updated on an ongoing basis. After a conflict of interest is disclosed, it must be regularly monitored by the discloser’s manager. The risks or circumstances can change and develop new characteristics that may need additional action. The level of monitoring required should be commensurate with the scope and complexity of the particular conflict of interest. Managers must regularly review the [Management Action Plan (MAP)] and discuss it with the person declaring the conflict to ensure the MAP remains effective and that all conflicts are current and recorded accurately.

2.21 The COI policy includes links to the following related guidance:

• Declarations of Personal, Financial and Other Interests Policy (2017)³⁰ — which sets out requirements for the Chief Executive, SES staff and other people identified by AFSA as key management personnel (KMP) to make annual declarations of material personal and financial interests (including interests of immediate family members);
• Handling of Gifts and Benefits Policy (2020) — which describes standards expected of AFSA employees in relation to receiving and giving gifts and benefits, and includes processes for assessing and managing related conflicts of interest;
• Employee Relations Advice (ERA) – Approval for Employment Outside AFSA (2015) — which provides guidance in relation to employees wishing to engage in outside employment, including related conflict of interest considerations;
• Guide to Governance at AFSA Policy (2021) — which provides an overview of governance requirements for members of ‘official’ governance committees (discussed further at paragraph 2.44), including requirements for identifying and managing conflicts of interest arising from these duties;
• Recruitment – Legislative Guidelines (no date) — which provides an overview of AFSA’s recruitment and selection processes and employment principles; and
• Enforcement Policies and Procedures Manual (2022) — which outlines guidelines by which enforcement personnel investigate offences and contraventions of law within AFSA’s jurisdiction, including related requirements supporting the disclosure and management of conflicts of interest arising from these activities.

2.22 The COI policy includes links or references to the following conflict of interest templates:

• Declaration of Personal, Financial and Other Interest;
• Request for Secondary External Employment;
• Conflict of Interest Declaration – Boards and Committees (AFSA staff);
• Recruitment and Selection Conflict of Interest Declaration;
• Conflict of Interest Declaration – Procurement (AFSA staff);
• Conflict of Interest Declaration – Procurement (Non-AFSA staff); and
• Declaration of interests form (for ad hoc staff declarations).

2.23 AFSA has published guidance on its staff intranet which provides employees with further information regarding their conflict of interest obligations:

• ‘Manage conflicts of interest’ intranet page — which summarises key information and requirements from AFSA’s COI policy, and includes links to the COI policy and some of the related policies and guidance referenced in paragraph 2.21;
• ‘Handle gifts and benefits’ intranet page — which summarises key information and requirements from AFSA’s Handling of Gifts and Benefits Policy, and includes links to the policy, the ‘Manage conflicts of interest’ intranet page and AFSA’s gifts and benefits register; and
• ‘Apply for outside employment’ intranet page — which describes AFSA’s outside employment application and approval requirements, and includes links to AFSA’s Approval for Employment Outside AFSA ERA, the ‘Manage conflicts of interest’ intranet page and the Outside employment Aurion form (available via Aurion self-service³¹).

2.24 AFSA’s COI policy has not been updated since it was issued in November 2020. It was due for review in November 2021. The policy no longer reflects AFSA’s current operating environment or key better practice guidance.³² All 13 hyperlinks to supporting guidance and declaration templates included in the COI policy (refer to paragraphs 2.21 and 2.22) were broken. This reduces the usability of the COI policy for AFSA employees who are seeking to acquit their conflict of interest obligations.

2.25 In May 2023, AFSA’s Chief Operating Officer commenced an internal review of its integrity functions, which included examination of arrangements for managing conflicts of interest.

2.26 AFSA commenced a review of its COI policy in mid-2023. In May 2024, AFSA informed the ANAO that this project remained ongoing and provided drafts of the revised policy, dated September 2023 and December 2023.

2.27 In November 2023, AFSA seconded a resource from the Australian Taxation Office to assist with the uplift of its fraud and integrity arrangements. In April 2024, AFSA completed an assessment of its maturity against the Commonwealth Fraud and Corruption Framework, which came into effect on 1 July 2024.³³ Following this assessment, six ‘priority maturity enhancement initiatives’ were planned to assist maturation of AFSA’s fraud and corruption control environment and demonstrate compliance with associated requirements. AFSA’s conflicts of interest risks and controls have been considered in the maturity assessment and priority initiatives.

Conflict of interest declarations

SES annual declarations of material personal interests

2.28 In December 2023, the Australian Public Service (APS) Commissioner wrote to Agency Heads, including the AFSA CEO, to raise awareness of integrity themes observed across the APS, and seek cooperation in ensuring that senior staff were meeting their obligations under the APS Values and Code of Conduct. With respect to conflicts of interest, the letter states:

[A]ll agency heads and SES employees are required to submit, at least annually, a written declaration of their own and their immediate family’s financial and other material personal interests.

In the first instance, employees are required to take measures to avoid conflicts of interest. Where a conflict of interest is identified—be it real, perceived, or potential—it must be managed; for example, by an employee withdrawing from particular discussions, restricting the flow of information, abstaining from decisions, reassignment of duties, or relinquishing the interest or the position.

I ask that you ensure you and your SES employees have up-to-date declarations in place, as well as strategies in your agency to mitigate or manage conflicts that are identified. I ask, too, that you ensure similar arrangements are in place for all relevant agency functions and processes, such that conflict of interest declarations are triggered for those participating in activities such as recruitment, procurement, awarding grants, or performing regulatory roles.

2.29 As of May 2024, AFSA had not taken any specific actions in response to the letter received from the APS Commissioner in December 2023.

2.30 AFSA’s Key Management Personnel and Related Party Disclosures (2022) sets out requirements for the Chief Executive, SES personnel, and other people identified by AFSA as KMP to make annual declarations of personal financial and other interests (including interests of immediate family members). The policy states:

Declarations occur annually, generally towards the end of financial year. If an employee experiences a change in their personal circumstances or responsibilities relevant to this policy outside of the annual declarations cycle, the employee will review, revise and resubmit their declarations as soon as possible.

2.31 In 2021–22 AFSA’s annual SES and KMP³⁴ declaration process was supported by the completion of a Declaration of Personal, Financial and Other Interest form. The form requires SES and KMP to declare their own, and their immediate family’s financial and other material personal interests in accordance with the APS Code of Conduct, and related guidance published by the APSC.

2.32 In 2022–23 AFSA relied on its Related Party Disclosures form to satisfy the annual SES disclosure requirement. The form states:

Details on related party transactions with the Australian Financial Security Authority (AFSA) are collected by the Chief Financial Officer, Corporate Services to comply with Australian Accounting Standard AASB 124 Related Party Disclosures in accordance with the Public Governance, Performance and Accountability Act 2013. AASB 124 requires disclosure of related party transactions undertaken with AFSA.

2.33 The Related Party Disclosures form records a subset of the information that SES are expected to disclose, in accordance with APSC’s guidance. The form does not record material non-financial interests, or material financial interests that may give rise to a potential or perceived conflict of interest.

Gifts, benefits and hospitality

2.34 Section 27 of the PGPA Act states that an official must not improperly use their position to gain, or seek to gain, a benefit to themselves or another person. The giving or receiving of gifts, benefits and hospitality can create the perception that an official is subject to inappropriate external influence. Perceptions of this sort can give rise to reputational risks for public entities, including the legitimacy and integrity of regulators.

2.35 AFSA’s Handling of Gifts and Benefits Policy applies to employees, staff from labour hire agencies and contractors. The policy states that:

Where an employee is offered a gift or benefit that exceeds $AUD100.00 (excluding GST), they should notify the relevant decision maker and seek approval prior to acceptance. All gifts and benefits that exceeds [sic] $AUD100.00 (excluding GST) should be reported and recorded on the AFSA gift register.

AFSA’s reputation for integrity and professionalism would be seriously damaged if a person employed by AFSA were influenced, or perceived to be influenced, in the course of their employment by gifts or benefits. Therefore … [a]n employee must not solicit or accept gifts or benefits from any organisation or individual [t]hat is intended to influence the employee’s judgement, or may give the appearance of a conflict of interest or may otherwise be improper.

The decision maker for determining whether a gift or benefit can be accepted is the relevant Senior Executive Service Officer or Chief Operating Officer.

2.36 AFSA’s gifts and benefits declaration process does not require recipients or approvers to document, whether the acceptance of a gift, benefit or hospitality may give risk to an actual, potential or perceived conflict of interest. There is no record of consideration or assessment of a conflict of interest for gifts and benefits offered to AFSA officials.

Outside employment

2.38 Section 5.9 of the APSC’s APS Values and Code of Conduct in practice guide states:

APS employees should consult their agency’s policy when considering whether to engage in outside employment, including directorships of an organisation. Outside employment includes paid work, such as running a business, maintaining a professional practice, or acting as a tax agent, as well as unpaid work. Generally, employees are able to work outside the APS if it does not conflict with their official duties. The main risk of engaging in outside employment is that it may create a real or apparent conflict of interest.³⁵

2.39 The Approval for Employment Outside AFSA employee relations advice applies to all employees seeking to engage in employment outside AFSA, whether paid or voluntary. The advice states:

Applications for approval to engage in outside employment should include whether, in the applicant’s opinion, the outside employment might reasonably be construed by the public as involving a conflict of interest.

[E]mployees should not engage in employment outside AFSA if that employment places them in a position where there is potential for any conflict of interest (real or apparent) to arise.

2.40 With respect to approval requirements, the advice states:

• In considering whether a conflict of interest may exist, or appear to exist, in relation to company directorships or to paid or unpaid employment with companies, businesses or organisations, the following circumstances should be taken into account:
• whether the company, business or organisation is in, or is in the process of entering into, a contractual relationship with the Commonwealth or its authorities;
• whether the company, business or organisation is in receipt of Commonwealth Government assistance the entitlement to which depends on the exercise of discretion by a Commonwealth official;
• whether the company, business or organisation’s primary purpose is to lobby Ministers, Members of Parliament, government departments and authorities;
• whether AFSA is in a regulatory relationship with the company, business or organisation; and
• whether the company, business or organisation deals with or is likely to deal with AFSA in some capacity including but not limited to law firms, accounting firms and major ICT suppliers.

2.41 The advice requires regular review of outside employment that is approved and states: ‘Approval to undertake outside employment will be reviewed at least on an annual basis.’

2.42 In June 2023, AFSA replaced its a paper-based Request for Secondary External Employment form with a digital application form, which is available to AFSA employees via Aurion self-service. The digital form uses a workflow approval process which involves:

• initial approval from the employee’s line manager;
• secondary approval from AFSA’s Chief People Officer; and
• final approval from the applicant’s SES officer (applications from SES officers require approval by AFSA’s Chief Executive Officer).

2.43 This workflow approval process is described on AFSA’s ‘Apply for outside employment’ intranet page. The workflow approval process is inconsistent with the application and approval process described in AFSA’s COI policy and Approval for Employment Outside AFSA advice. Both documents refer to the use of the paper-based Request for Secondary External Employment form and incorrectly identify the secondary approver as AFSA’s ‘Director People and Capability’, as opposed to AFSA’s Chief People Officer (refer paragraph 2.42).

Governance committees

2.44 AFSA’s Guide to Governance at AFSA Policy provides an overview of governance requirements for members of ‘official’ governance committees, including requirements for identifying and managing conflicts of interest arising from these duties. The policy states that ‘official’ governance committees at AFSA consist of the following:

• AFSA Management Board (AMB) — responsible for assisting AFSA’s Chief Executive (the accountable authority) to set and manage the strategic direction of AFSA as a Commonwealth agency;
• AFSA Investment Committee — responsible for supporting the AMB through leading AFSA-wide change initiatives;
• AFSA Insolvency Program Committee — responsible for supporting the AMB by delivering on the strategic direction set by the AMB for the Insolvency Program; and
• AFSA PPSR Program Committee — responsible for supporting the AMB by delivering on the strategic direction set by the AMB for the Personal Property Securities Register (PPSR) Program.

2.45 The policy states:

All formal governance bodies require members to declare conflicts of interest. All meeting attendees, including members, advisors, observers and Secretariat should declare conflicts of interest if they arise.

The Chair must ensure all new members complete the Conflict of Interest Declaration (Boards and Committees) prior to attending their first meeting.

Conflict of Interest should also be included as a standing agenda item for all formal governance body meetings.

The Chair is responsible for ensuring members of formal governance update their Conflict of Interest declarations annually.

2.46 AFSA’s 2022–23 Annual Report states:

In January 2023, AFSA implemented a new governance model, streamlining and simplifying reporting and decision-making mechanisms. The new structure is designed to suit AFSA’s size, support the accountable authority – AFSA’s Chief Executive, reinforce individual executive accountability and ensure that governance bodies add value without creating unnecessary burden.

The Executive Committee assists the Chief Executive to set and manage the strategic direction of AFSA. The committee delivers strategy and policy, makes significant decisions and provides organisational oversight. The Executive Committee was established in January 2023 and met 11 times during 2022–23. Prior to January 2023, the AFSA Management Board assisted the Chief Executive to set and manage the strategic direction of AFSA.

The AFSA External Advisory Committee was established in March 2023 and provides the Chief Executive with a source of strategic advice, insight and environmental scanning. The AFSA External Advisory Committee met once during 2022–23.

The Audit and Risk Committee provides independent advice to the Chief Executive on the appropriateness of AFSA’s financial and performance reporting, its system of risk oversight and management and its system of internal control.

2.47 The Insolvency Program Committee and PPSR Program Committee were closed at the end of 2022 following changes within the Regulatory Operations Group.

2.48 The Guide to Governance at AFSA Policy no longer reflects AFSA’s current governance committee structures.

Recruitment

2.49 Section 5.6.3 of the APSC’s APS Values and Code of Conduct in practice guide states:

Where a person involved in a recruitment or promotion exercise has a relationship with an applicant that might give rise to a conflict of interest, it must be disclosed, for example to the delegate and any other panel members. It may then be decided whether the employee making the disclosure should stand aside from the process or the consideration of the particular candidate.³⁶

2.50 AFSA’s COI policy states:

[AFSA’s recruitment process] requires all members of a Selection Advisory Committee [SAC] to complete the Recruitment and Selection Conflict of Interest Declaration form and to be endorsed by the delegate after receiving applications and prior to shortlisting. This declaration must be attached to the final SAC Report.

2.51 AFSA’s Recruitment and Selection Conflict of Interest Declaration form states:

To meet the objective and expectations of the APS regarding recruitment and selection, this declaration must be completed by all members of a Selection Advisory Committee (SAC) and considered by the delegate after the receipt of applications by AFSA and before any form of selection decision i.e., shortlisting has been made.

The types (which are not limited) of real or apparent conflicts regarding recruitment and selection may include being a SAC member to a candidate who is a family member, a personal relationship or a business associate. In the event an AFSA employee is making a selection decision regarding a team member, subordinate or close associate, a declaration should be made if the workplace relationship could be perceived to have a personal aspect.

ALL members of the SAC, including the Delegate, must complete the Conflict of Interest Declaration prior to short-listing.

[emphasis in original]

2.52 The requirement in AFSA’s Recruitment and Selection Conflict of Interest Declaration form for the delegate to complete the declaration is inconsistent with the guidance included in AFSA’s COI policy, which states that the declaration requirement only applies to SAC members.

Post-separation employment

2.53 Section 5.10.2 of the APSC’s APS Values and Code of Conduct in practice guide states:

There are three key risks involved when an employee accepts employment in a field that is aligned to his or her APS responsibilities:

1. that the employee, while still employed in the APS, would use their position to influence decisions and advice in favour of the prospective new employer
2. that the former employee would reveal confidential Commonwealth information to their new employer or provide other information that would give the new employer an advantage in its business dealings
3. that the former employee would exploit their knowledge of the APS and other areas of the Commonwealth public sector and the Government to lobby, or otherwise seek advantage, for their new employer in dealing with the Commonwealth. There may be a perception that the former employee will have a greater ability to influence their former colleagues in their decision-making.³⁷

2.54 With respect to managing post-separation employment risks, the guide states:

There are no legislative provisions which allow the Commonwealth to impose general post-separation employment restrictions on former employees. However, policy can operate to restrict the dealings of current employees with their former colleagues.

A restraint clause can be included in an employee’s contract of employment, where an employee may agree not to work for certain employers, or establish certain types of businesses, for a period of time after they leave the APS. For such an agreement to be enforceable it would need to be ‘reasonable’ in terms of the interests of the parties and the interests of the public.

Agency heads may put in place broad policy guidelines which include, for example, suggested periods of time that an employee should wait after leaving the APS before they work in business areas that have direct contact with their former agency.³⁸

2.55 The guide further states:

On receiving advice of a conflict arising from an employee’s intention to leave the APS, it would be good practice for the agency head, or a nominated person, to discuss with the employee steps to be taken to avoid or mitigate any conflict of interest while the employee is still employed in the APS. The steps may include:

1. re-allocation of the employee’s duties
2. temporary movement of the employee to a different work area
3. taking leave until the new appointment commences.³⁹

2.56 The Department of the Prime Minister and Cabinet’s (PM&C’s) Louder Than Words: An APS Integrity Action Plan publication states:

Career mobility between the public and private sector presents opportunities and risks. To maintain public confidence in the integrity of public officials, the ‘revolving door’ and the management of conflicts of interest across the APS needs to be strengthened.⁴⁰

2.57 AFSA has not established processes to identify and manage conflicts of interest arising from post-separation employment.

Procurement

2.58 The APSC’s APS Values and Code of Conduct in practice guide identifies that there is an elevated risk of conflicts of interest arising as part of procurement activities (refer to Table 1.1).

2.59 Section 5.1 of AFSA’s COI policy states:

AFSA staff must complete the Conflict of Interest Declaration – Procurement (AFSA staff) form where a conflict has been identified.

2.60 This policy requirement is inconsistent with the content of the Conflict of Interest Declaration – Procurement (AFSA staff) form which requires all AFSA staff involved in a procurement to complete a conflict of interest declaration, irrespective of whether they have a conflict to declare. The ‘Declaration of interests and disclosure statement’ on the form states:

I declare that to the best of my knowledge neither I nor any member of my immediate family have any interest (pecuniary or otherwise) which could possibly be construed as having any influence, or perceived to have influence, on the proper and objective performance by me or my duties in relation to this project other than as detailed below.

2.61 In November 2023, AFSA completed an internal audit⁴¹ on procurement and contract management. The objective of the internal audit was to assess whether AFSA had designed and implemented effective controls to appropriately manage procurement and contract management activities.

2.62 The report identified that AFSA did not have:

[P]rocurement-specific guidance specifying how CoI risks associated with procurements are to be managed. For example, guidance on:

• Who is required to complete a CoI declaration and at what point in the procurement cycle. For example, all personnel involved in a procurement (regardless of the procurement value or risk), all personnel involved in procurements over a certain dollar threshold or risk level, and/or tender evaluation committee members; and
• Action to be taken if an actual or perceived conflict of interest is identified during a procurement. There is limited guidance on how to manage an actual or perceived conflict of interest through the procurement process, with the procurement policy only directing officials on commercially sensitive information. Inadequate management of a perceived or actual conflict of interest opens AFSA to external scrutiny and potential reputational damage.

2.63 The internal audit report recommended the following action to address the identified issues:

With regards to Conflict-of-Interest management for AFSA Personnel: (a) Consider if all staff involved in a procurement process (regardless of procurement type) should complete Conflict of Interest Declarations. A complexity, risk and value lens could be applied; and (b) Update the Procurement and Contract suite of documents and guidance to capture this requirement (i.e. the process map, templates).

2.64 The recommendation was accepted by AFSA with a target implementation date of 30 June 2024. In May 2024, AFSA advised the ANAO that it is now a mandatory requirement for all staff involved in a procurement evaluation process to complete a conflict of interest declaration. AFSA further advised that it was in the process of updating related documentation and guidance to reflect this new requirement.

Practitioner Surveillance

2.65 The APSC’s APS Values and Code of Conduct in practice guide identifies that there is an elevated risk of conflicts of interest arising in the course of regulating individual or business activities (refer to Table 1.1).

2.66 The Practitioner Surveillance team within AFSA’s Education, Surveillance and Enforcement division performs the functions, and exercises the regulatory powers, of the Inspector-General in Bankruptcy. AFSA’s website states that the team is responsible for:

• administering a registration scheme to ensure that only suitably-qualified people are licensed to practice as personal insolvency practitioners
• monitoring the standard of bankruptcy trustees (including the Official Trustee) and debt agreement administrators and their administrations through a targeted program of inspections and other compliance monitoring activities
• investigating complaints made by creditors or debtors against bankruptcy trustees, debt agreement administrators and solicitor controlling trustees
• conducting statutory reviews of some bankruptcy trustees’ decisions at the request of bankrupts or as initiated by the Inspector-General
• working with bankruptcy trustees and debt agreement administrators to improve knowledge and practice of the Bankruptcy Act.⁴²

2.67 During 2022–23, AFSA reported that its Practitioner Surveillance team:

• approved 13 new insolvency practitioner registrations;
• finalised 130 applications for Inspector-General reviews;
• completed 39 inspections;
• attended 22 creditor meetings;
• finalised 194 complaints against insolvency practitioners; and
• reviewed 2 insolvency advertisements.⁴³

2.68 AFSA’s COI policy does not articulate any specific conflict of interest declaration requirements for staff working within the Practitioner Surveillance team. In March 2021, AFSA advised the Practitioner Surveillance team:

On 3 November 2020, AFSA released its Conflict of Interest Policy. In order to make it easier for staff to ensure conflict of interest declarations are made upfront for Regulation activities, some checklists have been updated to make it easier in identifying and disclosing conflicts of interests when undertaking the work you do. The updated checklists are available for your immediate use [linked folder].

2.69 The email included links to 11 checklists that are used to support regulatory activities performed by the team. Each checklist was updated to include the following additional step:

Complete declaration of interest template where inspectors have an actual, apparent or potential conflict of interest in relation to this activity. Please indicate where there are no conflicts of interest identified. The obligation to declare conflicts of interest is ongoing and should be revisited throughout all stages of this activity. See the AFSA Conflict of Interest Policy for further information on declaring conflicts.

2.70 Completed checklists are required to be maintained in the Regulation and Enforcement Case Management System (RECM).

2.71 The Practitioner Surveillance team has developed two procedures which include consideration of conflicts of interest and independence risks, and associated mitigations.

• The Prepare for [Official Trustee] inspection Standard Operating Procedure (SOP) describes processes for arranging and planning inspections for the Official Trustee (OT). The SOP recognises ‘lack of independence (actual or perceived)’ as a key risk and notes the following three mitigating controls:
  
  • A different team is chosen each year to inspect [the] OT functions
  • Inspectors recently transferred from [the AFSA team that provides OT functions] are not involved in inspecting administrations from their old team
  • Inspectors [are required] to adhere to “R&E Guide on Professional Conduct” published on the [AFSA] intranet.
• The National Allocations Work Instruction (WI) describes the role of the National Allocation Team (NAT)⁴⁴ and related processes for allocating of regulatory activities to team members. One of NAT’s considerations when allocating work to inspectors is:
  
  Familiarity – Work may be allocated to staff with previous knowledge of issues to keep continuity However, in other cases it may be allocated to a different person if it is perceived a potential conflict may arise.

2.72 AFSA advised ANAO in May 2024 that the NAT’s allocation of work to Practitioner Surveillance team members involved random allocations to geographically dispersed Practitioner Surveillance teams using a macro-enabled Excel spreadsheet.

• The spreadsheet considers the resourcing available in different locations (to ensure an equitable distribution of work) and whether there are existing matters underway in relation to the impacted insolvency practitioners (as this may inform how the work is allocated and managed). The NAT does not have any explicit mechanisms to gain assurance that ‘familiarity’ or ‘independence’ risks are being appropriately managed.
• Assistant Directors within Practitioner Surveillance teams subsequently allocate work to members in their team based on available capacity. Considerations in relation to managing potential conflicts of interest and independence risks are not explicitly considered as part of this process. The control environment relies on reactive controls whereby team members are expected to self-declare any conflicts that require management.

Enforcement

2.74 The APSC’s APS Values and Code of Conduct in practice guide identifies that there is an elevated risk of conflicts of interest arising when making binding decisions, including issuing determinations on matters and exercising statutory powers (refer to Table 1.1).

2.75 AFSA’s COI policy states:

Investigators must make a disclosure to the relevant Assistant Director as soon as a conflict is identified. The conflict of interest is also documented in FORCE.⁴⁵ Refer to the Enforcement Policies and Procedures Manual.

2.76 AFSA’s Enforcement Policies and Procedures Manual (PPM) states that the Enforcement team:

[I]s primarily responsible for compliance with the Bankruptcy Act 1966 (the Bankruptcy Act) and Personal Property Securities Act 2009 (the PPS Act). This includes the identification and investigation of material offences under the Bankruptcy Act and contraventions of the PPS Act and where appropriate, the preparation of briefs of evidence for prosecution by the Commonwealth Director of Public Prosecutions (CDPP).

Enforcement staff also … undertake a fraud prevention and investigation role within AFSA. This is done through the agency’s Fraud control plan and fraud risk assessments, which are conducted quarterly.

2.77 During 2022–23, AFSA reported that its Enforcement team:

• accepted 206 referrals for investigation;
• assessed 489 alleged referrals;
• issued 71 official cautions;
• issued 3 infringement notices; and
• forwarded 48 briefs of evidence to the CDPP.⁴⁶

2.78 The Enforcement PPM states:

Conflicts of interest present a risk to Enforcement’s objectivity in investigating the conduct of alleged offenders, and therefore, its ability to ensure that appropriate action is taken in response to a relevant event. The supervision of investigations within the Enforcement team (including the review of decisions) assists to mitigate this risk.

Conflicts of interest may only become apparent to investigators at the time of case allocation and/or once an investigation is underway (e.g. with the identification of witnesses).

As soon as a conflict of interest (real or perceived) is identified, Investigators must make a disclosure to the [Assistant Director Enforcement (ADE)], so that cases can be reallocated and/or a management plan put into place. If the ADE identifies a Conflict of Interest while supervising investigations, this must be reported to the Director so a management plan can be put in place. Investigators and supervisors must complete a FORCE running sheet entry documenting the conflict of interest, and what, if any management plan was put in place and why.

2.79 There are three key control points where a conflict of interest may be declared.

• The Enforcement team member that completes the initial triage assessment of the referral must confirm that they do not have a conflict of interest in AFSA’s Fraud Offence Referral Case Evaluation System (FORCE) before they are able to make a recommendation to the decision maker. FORCE will not allow the assessment to progress until this step is completed;
• The ‘decision maker’ must confirm that they do not have a conflict of interest in FORCE before they are able to formally accept or reject the referral in FORCE.
• The investigator that is allocated to the case is required to raise any conflict of interest concerns with the ADE in accordance with the Enforcement PPM. In such circumstances, a COI declaration and MAP would be completed. FORCE does not require Investigators to explicitly confirm whether or not a conflict of interest exists.

Ad hoc employee declarations

2.80 AFSA’s COI policy states: ‘Where a conflict of interest is not captured by [other declaration processes], AFSA Personnel should complete the Declaration of interests form’.

Managing conflicts of interest

Processes for reviewing conflict of interest declarations

2.83 Section 5.3 of the APSC’s APS Values and Code of Conduct in practice guide states:

Agency heads are responsible for ensuring that conflicts of interest are effectively managed. The agency head must also monitor compliance with the agency’s policy for disclosing and managing conflicts of interest to meet the requirements of the PGPA Act.

A system for registering interests is necessary if the interests are to be managed properly. Such systems will need to:

• ensure that disclosures of conflict of interest are managed in accordance with the Privacy Act
• ensure that disclosures are retained in accordance with the Archives Act 1983
• monitor disclosures to ensure they remain current—this might include, for example, internal controls or external audit
• bring any serious real or apparent conflicts of interest to the attention of the agency head.⁴⁷

2.84 AFSA’s COI policy states:

Where a conflict of interest is identified, a Management Action Plan (MAP) should be created by the relevant manager (unless the relevant division already has a process in place to manage disclosed conflicts). The MAP should describe the action proposed to manage the actual, apparent or potential conflict that has been disclosed and the reasons for these actions.

2.85 Examples of strategies to be included in the MAP are outlined in Table 2.2.

Table 2.2: AFSA’s conflict of interest mitigation strategies

Source: AFSA, Conflict of Interest Policy v1.0 (3 November 2020), section 6.3.

2.86 AFSA’s COI policy states:

Declarations are only useful where they are monitored and updated on an ongoing basis. After a conflict of interest is disclosed, it must be regularly monitored by the discloser’s manager. The risks or circumstances can change and develop new characteristics that may need additional action. The level of monitoring required should be commensurate with the scope and complexity of the particular conflict of interest.

2.87 AFSA’s COI policy includes a MAP template as an appendix.

2.88 AFSA has not documented roles, responsibilities and accountabilities for reviewing conflict of interest declarations across the types of conflict declarations included in its policy. This includes conflicts arising from:

• annual SES disclosures of material financial and personal interests;
• related party transaction disclosures;
• governance committee conflict of interest declarations;
• declarations made by procurement and recruitment delegates; and
• ad hoc conflict of interest declarations made by employees and contractors.

Conflict of interest declaration and Management Action Plan registers

2.89 PM&C’s Louder Than Words Integrity Action Plan includes an action that APS entities share good practice in relation to conflict of interest risk mitigation with a view to support agencies to establish: ‘Centrally-recorded conflict declarations and conflict management plans within agencies, with monitoring and assurance processes in place.’

2.90 AFSA has not established a central register of conflict declarations and associated MAPs. AFSA has devolved arrangements for managing conflicts of interest, where processes for recording conflict of interest declarations and maintaining MAPs differs depending on the type of conflict identified.

• Annual SES disclosures of material personal interests, related party transaction disclosures and governance committee declarations are maintained in separate SharePoint folders. AFSA advised the ANAO in April 2024 that any associated MAPs developed to manage associated conflicts would also be stored in the relevant SharePoint folders, as well as the employee’s HR file.
• All outside employment applications and approvals completed after June 2023 (when the new digital form and workflow was implemented) are centrally recorded in Aurion. Approved outside employment applications were previously required to be maintained in employee HR files.
• Recruitment and procurement conflict declarations are required to be maintained in the recruitment and procurement files to which they relate. In instances where conflicts are identified, employees are required to document proposed conflict mitigation strategies which are reviewed and endorsed by the relevant delegate.
• Practitioner Surveillance conflict declarations are required to be maintained in RECM (refer to paragraph 2.70).
• Conflict declarations made by the Enforcement team are required to be maintained in FORCE (refer to paragraph 2.79).
• Ad hoc employee conflict declarations, and any associated MAPs, are required to be maintained on employee HR files. AFSA previously maintained a MAP register, which included five MAPs. The creation date of the last MAP on the register was 16 February 2021.

2.91 AFSA has not documented conflict of interest declaration and MAP recordkeeping arrangements in its COI policy and supporting guidance. There was no single point of contact or business area in AFSA with full visibility of these arrangements for recording conflicts of interest. AFSA does not have a record of the number of conflict of interest declarations made by AFSA staff or MAPs developed. This information is important to support AFSA to effectively assess and manage conflict of interest risk at an enterprise-level.

Oversight of conflicts of interest

2.94 AFSA did not provide conflict of interest reporting to its governance committees (refer to paragraph 2.44) or accountable authority between 1 January 2022 and 31 December 2023.

2.95 AFSA’s Audit and Risk Committee (ARC) charter states that its role is to:

[P]rovide independent advice to the Chief Executive on the appropriateness of the Agency’s financial and performance reporting, system of risk oversight and management, and system of internal control.

2.96 This includes reviewing and providing independent advice about the appropriateness of the agency’s:

• [S]ystems for risk oversight and risk management as a whole, including the approach to managing key risks, project and program risks, are appropriate, with reference to the Commonwealth Risk Management Policy and any specific areas of concern or suggestions for improvement;
• [F]raud control arrangements are appropriate, and the Agency has implemented appropriate processes and systems to detect, capture and effectively respond to fraud risks consistent with the Commonwealth Fraud Control Framework;
• [O]verall control environment, as reflected in its governance, risk management, and assurance arrangements, including whether relevant processes and policies are in place.

2.97 ARC meetings held between 1 January 2022 and 31 December 2023 did not include any specific reporting in relation to the volume of material personal interests or conflict of interest declarations made by AFSA staff.

Has AFSA developed training and education arrangements to promote compliance with conflicts of interest requirements?

Mandatory training

2.98 In 2022 and 2023, AFSA staff were required to complete mandatory training modules as outlined in the Table 2.3 below. There was no date set by AFSA for when staff were required to complete the mandatory training in 2022. In 2023, mandatory training modules were required to be completed by 31 December 2023.

Table 2.3: AFSA mandatory training modules in 2022 and 2023

Source: ANAO analysis of mandatory training for staff provided by AFSA.

2.99 Three of the mandatory training modules delivered in 2022 and 2023 included content related to managing conflicts of interest, as detailed in Table 2.4.

Table 2.4: Conflict of interest content in mandatory training modules

Source: ANAO analysis of AFSA training materials for mandatory training modules.

2.100 PM&C’s Louder Than Words publication states that the APS would benefit from dedicated, ongoing education for staff at all levels about the rules, practice and significance of managing conflicts of interest. The report recommended that agencies establish:

Regular, scenario-based training and guidance for staff at all levels on how to identify, declare and, most importantly, manage and monitor conflicts of interest to uphold integrity.⁴⁸

2.101 AFSA has not developed regular scenario-based training that is tailored to its operating environment. Specific training on conflicts of interest was last undertaken by AFSA in December 2020, following introduction of the COI policy in November 2020. This training session was delivered online and, while all AFSA staff were invited to attend, it was not mandatory. Training attendance was not recorded by AFSA.

2.102 The Integrity in the APS training module includes a conflict of interest scenario. This is an APS-wide training module and is not tailored or specific to AFSA’s operating environment. Refer to paragraphs 3.35 and 3.36 for details of training completion rates.

Monitoring and reporting on training and education

2.103 AFSA had not implemented arrangements for monitoring compliance with mandatory training requirements. There were no escalation processes or consequences for non-compliance. Arrangements for following up overdue training had not been established.

2.104 Roles and responsibilities for monitoring and reporting on mandatory training completion were not clearly defined. Completion of mandatory training is listed as an enabling activity for two of AFSA’s critical controls: SR-01-01 ‘Workforce Integrity’ and ER-02-44 ‘Fraud Reporting and Investigation’. ‘Review of mandatory training completion by AFSA staff’ is listed as a verification check, or a measure of control effectiveness for both of these critical controls.

• For SR-01-01 ‘Workforce Integrity’, responsibility for performing verification checks was assigned to different personnel. Responsibility was assigned to the Agency Security Advisor in December 2023, and had previously been assigned to the Director of Governance Risk & Assurance, Director of Enforcement, and Chief People Officer since January 2022.
• For ER-02-44 ‘Fraud Reporting and Investigation’, responsibility for verification checks was assigned to the Assistant Director of People Assist from January 2022 to December 2023.

2.105 AFSA had not established clear and consistent performance targets for mandatory training.

• In the ER-02-44 critical control profile, AFSA set a performance target of completion and satisfaction ratings for Fraud Awareness training module at ‘above 80 per cent’. This target did not consider completion of the Integrity in the APS training module which was mandatory for all AFSA staff in 2022 and for all new starters in 2023.
• The SR-01-01 critical control profile refers to all of AFSA’s mandatory training modules as an enabling activity. No performance target for training completion is established in this document.

2.106 Training completion data for AFSA’s mandatory training modules is recorded in the Learnhub training management system.⁴⁹ AFSA’s Capability Development team can run reports in Learnhub which detail completion of individual modules by AFSA staff. There were no arrangements established to run these reports, nor to provide them to appropriate AFSA stakeholders or governance committees.

2.107 In early 2024, AFSA developed a mandatory training program which outlines mandatory training modules, timeframes for completion, roles and responsibilities and monitoring and reporting arrangements. Implementation of the program commenced in April 2024 with the rollout of Security Awareness training and commencement of monitoring and reporting arrangements.

Has AFSA developed arrangements to obtain assurance over the management of conflicts of interest?

Assurance arrangements

2.110 AFSA’s Assurance Strategy 2023/24 (Assurance Strategy) states that its purpose is to:

[D]etail the range of internal control mechanisms in place within AFSA, their oversight structures and the way that these control structures work together to provide assurance across the range of AFSA’s operations. The document also outlines AFSA’s priorities for the assurance activities to be undertaken for the 2023/24 financial year.

2.111 The Assurance Strategy is intended to:

• Identify potential gaps relating to key risks and controls, and to minimise opportunities for ‘false assurance’.
• Ensure that resources allocated to assurance activities are used efficiently and that there is no duplication of effort.
• Increase awareness across AFSA of why assurance activities are important, and how they contribute to continuous improvement.

2.112 The Assurance Strategy does not identify assurance activity related to integrity, ethical conduct, or conflict of interest.

Internal audit

2.113 AFSA has not examined the design or effectiveness of conflict of interest arrangements as a discrete topic.

2.114 In November 2023, AFSA’s then-internal audit provider (PricewaterhouseCoopers Australia) completed a procurement and contract management internal audit that identified an absence of guidance to support the effective management of conflict of interest risks in the procurement process (refer to paragraphs 2.61 to 2.64). The report made a related recommendation to improve the identification and management of conflicts of interest related to procurement. The recommendation was accepted by AFSA with a target implementation date of 30 June 2024. AFSA advised the ANAO in September 2024 that the implementation date had been revised to November 2024.

AFSA tip off system

2.115 AFSA implemented a tip-off system in August 2022. The system allows any person, internal or external to AFSA, to use an online form⁵⁰ to send a tip-off or report behaviour about misconduct by an industry participant or AFSA employee. Between August 2022 and December 2023, AFSA received one tip-off that related to the management of a conflict of interest (refer to paragraph 3.39).

3.1 The National Anti-Corruption Commission (NACC) has stated that ‘identifying, disclosing and managing potential conflicts of interest is a critical pillar in integrity architectures’.⁵¹

3.2 After establishing appropriate arrangements for managing conflicts of interest, entities need to ensure that the arrangements are operating effectively. This involves making sure that processes for declaring interests and managing conflicts of interest are being implemented consistently with the entity policies. Entities should also ensure that officials complete any required training and education, and planned assurance activities are conducted and acted upon.

Are AFSA’s processes for declaring and managing conflicts of interest operating effectively?

SES annual declarations of material personal interests

3.3 AFSA’s arrangements for SES annual declarations of material personal interests are completed at the end of the financial year (refer to paragraphs 2.29 to 2.33).

3.4 In 2021–22, there were 13 AFSA SES and Key Management Personnel (KMP) who were required to complete an annual declaration of material personal interests — 12 of these officials complied with this requirement by completing AFSA’s Declaration of Personal, Financial and Other Interest form. These declarations were completed between 30 June 2022 and 24 July 2022.

3.5 Three of the 12 declaration forms included disclosures of material personal interests. AFSA did not have a process to review and assess annual SES declarations to identify potential conflicts (refer to paragraph 2.88). There were no management action plans (MAPs) developed for the three SES or KMP who disclosed material personal interests. The disclosures made included two instances of outside employment where approval had not been obtained (refer to paragraph 3.16).

3.6 In 2022–23 AFSA did not have an appropriate process to obtain annual declarations of material personal and financial interests from SES (refer to paragraphs 2.32 and 2.33). During this financial year, there were 20 AFSA SES and KMP who were required to complete an annual declaration of material personal interests (the increase from 2021–22 to 2022–23 was due to a higher level of SES staff turnover in 2022–23). AFSA maintained records indicating that 16 of the 20 personnel completed a Related Party Disclosures form. These declarations were completed between 22 July 2023 and 31 August 2023 and related to the period 1 July 2022 to 30 June 2023.

3.7 Seven of the 16 declaration forms included disclosures of material personal interests. AFSA did not have a process to review and assess these declarations to identify potential conflicts (refer to paragraph 2.88). There were no MAPs developed for the seven SES or KMP who disclosed material personal interests. Case study 1 provides details of the types of material personal interests disclosed as part of AFSA’s 2022 and 2023 annual SES declarations.

Gifts, benefits and hospitality

3.8 AFSA’s arrangements for managing conflicts of interest arising from the acceptance of a gift, benefit or hospitality include recording gifts, benefits and hospitality in a register (refer to paragraphs 2.35 and 2.36). AFSA publishes a register of gifts and benefits valued at over $AUD100.00 (excluding GST) accepted by entity officials on its website on a quarterly basis.

3.9 There were 7 items published in AFSA’s gifts and benefits register between 1 January 2022 and 31 December 2023. These items are summarised below in Table 3.1.

3.10 AFSA’s gifts and benefits declaration process does not require recipients or approvers to document whether the acceptance of a gift, benefit or hospitality may give risk to an actual, potential or perceived conflict of interest (refer to paragraph 2.36).

Outside employment

3.11 AFSA’s arrangements for managing conflicts of interest arising from outside employment involve obtaining approval for applications (refer to paragraphs 2.39 to 2.43).

3.12 There were 31 outside employment applications made by AFSA officials during between 1 January 2022 and 31 December 2023. Of these, 15 applications were made prior to June 2023 (i.e., before the implementation of the Aurion self-service form), while the remaining 16 applications were made from June 2023 onwards.

3.13 There was one outside employment application (which is outlined in Case study 2) that was approved but did not satisfy AFSA’s internal policy requirements. There were no records maintained to indicate why the outside employment application was approved as an exception to internal policy requirements.

3.14 There were 15 approved outside employment arrangements that had not been subject to annual review (including the arrangement referenced in Case study 2). AFSA advised the ANAO in May 2024 that:

There is no current review process in place for these forms … The People Systems team are working on the creating a process whereby an automated reminder will be sent to employees/managers when the 12-month anniversary of their form is [approaching].

3.16 Declarations of material personal interest and conflict of interest declarations made by employees included a further two instances where AFSA personnel declared that they were engaging in employment outside AFSA, where no formal approval had been sought (refer to paragraph 3.5).

Governance and assurance committees

3.17 AFSA’s arrangements for declaring conflicts of interest include conflicts arising from governance committee memberships (refer to paragraphs 2.44 to 2.47). Declarations were required to be made by members of the Executive Committee (EC)⁵², previously the AFSA Management Board (AMB), and Audit and Risk Committee (ARC) in the 2022 and 2023 calendar years.

3.18 In both 2022 and 2023, there were 15 members of the Executive Committee and four members of the ARC during the calendar year. The outcomes of ANAO’s review of related conflict of interest declarations are summarised below in Table 3.2.

Table 3.2: Governance committee conflict declarations in 2022 and 2023

Note a: AFSA advised the ANAO in May 2024 that ‘[The] timeframe requested include[d] a period where interim arrangements for coordination of committee secretariat was in place, prior to the centralisation and creation of a governance unit’.

Note b: AFSA advised the ANAO in May 2024 that three of the five instances of non-compliance were due to committee members not completing an annual declaration for over 12 months between December 2022 and February 2024.

Note c: AFSA advised the ANAO in May 2024 that both instances of non-compliance had resulted from a lack of clarity regarding the term ‘annual declaration’ (that is, whether this meant ARC members needed to complete a new declaration every 12 months, or just once every calendar year).

Source: ANAO analysis of disclosures made by members of governance committees.

3.19 As noted above in Table 3.2, there were a total of 11 instances identified where committee members declared conflicts as part of the Conflict of Interest Declaration (Boards and Committees) form. AFSA had not maintained records to support whether these conflicts were reviewed to determine if conflict mitigation strategies were required. There were no MAPs developed for the 11 committee members that disclosed conflicts.

Recruitment

3.21 AFSA’s arrangements for managing conflicts of interest arising from recruitment activities involve the declaration of interests by Selection Advisory Committee (SAC) members (refer to paragraphs 2.50 to 2.52).

3.22 There were 186 employees onboarded at AFSA between 1 January 2022 and 31 December 2023. This included ongoing employees and employees on a secondment arrangement. The ANAO assessed the management of conflicts of interest during the recruitment of 10 employees. Deficiencies were identified across eight of these recruitments:

• there were five instances where SAC members did not complete a conflict of interest declaration;
• there were three instances where conflict of interest declarations completed by SAC members did not include all relevant information (that is, they were not dated or not signed by the delegate); and
• there were five instances where the delegate did not complete a conflict of interest declaration in accordance with internal policy requirements (refer to paragraph 2.52).

3.23 There were inconsistent practices implemented during recruitment activities to mitigate similar types of conflicts of interest. This included six instances where SAC members declared professional relationships with candidates (both while working at AFSA and through prior employment). Related mitigation strategies proposed by SAC members, and approved by delegates, included:

• the SAC member recusing themselves from assessing or discussing relevant applications where they held a professional relationship with the candidate;
• the SAC member assessing the application but allowing other SAC members to lead the conversation on the candidate before offering their opinion; and
• a written commitment from the SAC member they would act impartially.

3.24 AFSA does not have standardised or documented protocols or mitigation strategies for managing these conflicts.

Post-separation employment

3.26 AFSA has not implemented any processes to identify and manage conflicts of interest arising from post-separation employment (refer to paragraph 2.57).

Procurement

3.27 AFSA’s internal audit on ‘Procurement and Contract Management’ that was completed in November 2023 (refer to paragraphs 2.59 to 2.64) identified deficiencies in the effectiveness of conflict of interest arrangements for procurement activities. The related recommendation was scheduled for implementation in June 2024. As of May 2024, implementation of the recommendation was incomplete.

Practitioner surveillance

3.28 AFSA’s arrangements for managing conflicts of interest arising from practitioner surveillance activities involve the declaration of interests and completion of related checklists (refer to paragraphs 2.68 to 2.72).

3.29 AFSA advised the ANAO in May 2024 that there were no conflicts of interest declared in relation to practitioner surveillance activities between 1 January 2022 and 31 December 2023. The ANAO identified two conflict of interest declarations made in relation to practitioner surveillance activities during this period (one of which is outlined in Case study 3) which were not maintained on file or recorded in a central register.

3.30 The ANAO also identified two officials, previously employed at regulated entities, with personal relationships with practitioners employed at these entities. Declarations of interest by these officials were made in June 2024 for the first time following ANAO inquiries into the management of these interests. AFSA’s National Manager Education, Surveillance and Enforcement (ESE) sent an email communication to all ESE staff on 18 June 2024 that an annual declaration of interest process was being implemented.

Enforcement

3.31 AFSA’s arrangements for managing conflicts of interest arising from enforcement activities involve the declaration of interests (refer to paragraphs 2.75 to 2.79).

3.32 AFSA advised the ANAO in May 2024 that there were no conflicts declared by AFSA employees in relation to enforcement activities in 2022 and 2023.

Are AFSA’s training and education arrangements operating effectively?

3.33 The mandatory training modules in Learnhub are AFSA’s key training and education arrangements for raising staff awareness to obligations relating to conflicts of interest (refer to paragraphs 2.98 to 2.99).

3.34 As noted at paragraphs 2.103 to 2.104, AFSA did not monitor training completion for its mandatory training modules between 1 January 2022 and 31 December 2023.

3.35 On 29 November 2023, AFSA’s Chief Audit Executive reported to the ARC that the status of training completion for the Fraud Awareness module was 53 per cent as of 31 October 2023. A related action item was raised during the meeting to remind staff of the need to complete training by 31 December 2023. In response, an article reminding staff to complete their mandatory training was published on AFSA’s intranet on 25 January 2024. AFSA advised the ANAO in April 2024 that it did not subsequently monitor and report completion rates for mandatory training as at 31 December 2023, or after the intranet article was published.

3.36 The ANAO’s analysis of AFSA’s training completion data as at 14 March 2024 indicated that:

• 88 per cent of staff had completed the Fraud Awareness training module (required to be completed annually) in the last 12 months; and
• 39 per cent of new starters had completed the Integrity in the APS training module (a mandatory training requirement) in either 2022 or 2023.

Are AFSA’s arrangements for obtaining assurance over the management of conflicts of interest operating effectively?

3.37 Establishing an evidence-based assurance framework supports prioritisation of assurance coverage based on risk and seeks to minimise duplication of assurance effort. Assurance frameworks may include activities associated with assessment of the operating effectiveness of preventative and detective controls and support continuous improvement of the control framework.

3.38 AFSA’s Assurance Strategy does not identify any assurance activity related to integrity, ethical conduct, or conflict of interest (refer to paragraph 2.112). AFSA has not specifically identified conflict of interest risks and controls as part of its risk management framework (refer to paragraph 2.6). This means that conflict of interest controls are not subject to the quarterly verification and operating assessment arrangements that underpin AFSA’s risk management framework (refer to paragraph 2.4).

3.39 AFSA received one tip off between 1 January 2022 and 31 December 2023 that related to conflicts of interest. The tip-off alleged that an AFSA employee failed to appropriately disclose a conflict of interest during a recruitment process. Following the tip-off, AFSA conducted an investigation that did not enquire into the nature of the personal relationship between the chair of the SAC and the successful candidate (see Case study 4).

Appendix 1 Entity response

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of ANAO audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s Corporate Plan states that the ANAO’ s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

• In June 2024, the Australian Financial Security Authority (AFSA) advised the ANAO that it had commenced work to revise its risk management arrangements, including the enterprise framework and reporting approach since February 2024 (refer to paragraph 2.3).
• In May 2023, AFSA’s Chief Operating Officer commenced an internal review of its integrity functions, which included examination of arrangements for managing conflicts of interest. AFSA advised the ANAO in April 2024 that, as a result of this review, it centralised its approach to managing conflicts of interest and engaged a dedicated resource to assist in uplift of its fraud and integrity arrangements (refer to paragraph 2.27).
• In May 2023, AFSA commenced a project to modernise AFSA’s Human Resources policies and guidance. This specifically included review of AFSA’s Conflict of Interest Policy (refer to paragraph 2.25).
• In April 2024, AFSA completed an assessment of its maturity against the Commonwealth Fraud and Corruption Rule and Policy which came into effect on 1 July 2024. Following this assessment, six priority maturity enhancement initiatives were planned to assist maturation of AFSA’s fraud and corruption control environment and demonstrate compliance with associated requirements (refer to paragraph 2.27).
• In June 2024, AFSA implemented a register to record declared conflicts of interest for the Practitioner Surveillance team (refer to paragraph 2.90).
• In the early 2024 AFSA developed and implemented a mandatory training program which outlines mandatory modules, timeframes for completion, roles and responsibilities and monitoring and reporting arrangements (refer to paragraph 2.107).
• In June 2024, AFSA’s National Manager Education, Surveillance and Enforcement (ESE) emailed ESE staff advising of the implementation of an annual conflict of declaration process (refer to paragraph 3.30).

Appendix 3 References to integrity and regulatory risks in AFSA’s risk reporting

Source: AFSA, Quarter 2 2023 Risk Summary Sheets, prepared as part of quarterly risk reporting processes.

Appendix 4 References to conflict of interest controls in AFSA’s critical control profiles

Source: AFSA, Critical Control Profiles for Quarter 2, 2023.